Once more, here is an example of how carelessness and/or a mistake leads to a privacy breach…
Secret child data found in the street
A USB thumb drive containing personally identifiable information (PII) about children and related court cases and medical records from sexual assault cases was found a street in Wales, UK.
The information was from the Vale of Glamorgan Council.
The information on the USB drive was reportedly not encrypted and not password protected. One of the people named on the USB drive heard about it from the person who actually found the drive in the street and told him when he ran into him at a train station that he had read sensitive and confidential information about him and his son on the stick.
The number of individuals whose PII was on the USB drive was not known.
Unfortunately this is not the first, nor will it be the last, time that clear text PII data is found on mobile storage devices and mobile computers; readily readable because no encryption or other safeguards were used to protect it.
Folks, if PII moves…through public networks or on the feet of people carrying it in some way…it needs to be strongly safeguarded through encryption and any additional safeguards based upon the sensitivity of the data and the risks to the data.
Tags: awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy breach, privacy training, risk management, security awareness, security training